Cross-Site Scripting Vulnerabilities in Ubercart Module for Drupal
CVE-2008-1428

Currently unrated

Key Information:

Vendor: Drupal
Status: Ubercart Module
Vendor: CVE Published:; 20 March 2008

What is CVE-2008-1428?

The Ubercart module for Drupal has multiple vulnerabilities that allow attackers to execute arbitrary scripts by injecting malicious content into product attribute values. This could lead to unauthorized access, data theft, or manipulation of user sessions, putting affected sites at significant risk. It's crucial for users of the Ubercart module to update to the latest version to mitigate these security flaws.

References

http://drupal.org/node/233492

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/0867/references

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/41184

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2008
Vulnerability Reserved
Mar 20, 2008